}
struct server *id2server(char *id, uint8_t len) {
-#ifndef REGEXP
- int i;
- char *idrealm;
- struct server *deflt = NULL;
-
- idrealm = strchr(id, '@');
- if (idrealm) {
- idrealm++;
- len -= idrealm - id;
- } else {
- idrealm = "-";
- len = 1;
- }
-
- for (i = 0; i < realm_count; i++) {
- if (!deflt && realms[i].name[0] == '*' && realms[i].name[1] == '\0')
- deflt = realms[i].server;
- else if (!strncasecmp(idrealm, realms[i].name, len)) {
- debug(DBG_DBG, "found matching realm: %s, host %s", realms[i].name, realms[i].server->peer.host);
- return realms[i].server;
- }
- }
- return deflt;
-#else
int i;
for (i = 0; i < realm_count; i++)
if (!regexec(&realms[i].regex, id, 0, NULL, 0)) {
return realms[i].server;
}
return NULL;
-#endif
}
int rqinqueue(struct server *to, struct client *from, uint8_t id) {
if (i == server_count)
debugx(1, DBG_ERR, "addrealm failed, no server %s", server);
+ /* temporary warnings */
+ if (*value == '*')
+ debugx(1, DBG_ERR, "Regexps are now used for specifying realms, a string\nstarting with '*' is meaningless, you probably want '.*' for matching everything\nEXITING\n");
+ if (value[strlen(value) - 1] != '$' && value[strlen(value) - 1] != '*') {
+ debug(DBG_ERR, "Regexps are now used for specifying realms, you\nprobably want to rewrite this as e.g. '@example\\.com$' or '\\.com$'\nYou can even do things like '[a-n].*@example\\.com$' to make about half of the\nusers use this server. Note that the matching is case insensitive.\n");
+ sleep(3);
+ }
realm_count++;
realms = realloc(realms, realm_count * sizeof(struct realm));
if (!realms)
#also the lines above may be in any order, except that a realm
#can only be configured to use a server that is previously configured.
+#Also note that case insensitive regexp is used for realms, matching
+#the entire username string. The matching is done in the order the
+#realms are specified, using the first match found. Some examples are
+#"@example\.com$", "\.com$", ".*" and "[a-z].*@example\.com$".
+#To treat local users separately you might try first specifying "@"
+#and after that ".*".
+
client 2001:db8::1 {
type tls
secret verysecret
type UDP
secret secret
}
-realm eduroam.cc {
+realm @eduroam\.cc$ {
server 127.0.0.1
}
secret verysecret
}
-realm example.com {
+realm @example\.com$ {
server 2001:db8::1
}
-realm com {
+realm \.com$ {
server 2001:db8::1
}
-# Matching of realms is done in the order specified.
-# Except * which is a catch all that is used as a last resort
-# The matching is going to be changed to be regexp of the
-# entire username value
-realm * {
+realm .* {
server radius.example.com
}